zloader | 77184f1532fef0b593262fdd95ff1f2d2637fe08be003304d4e44f358c67b2d1 | Triage

Sharing

General

Target

ISLeRPs.dll
Size

744KB
Sample

210311-96nskf9eke
MD5

34379df22c95ed0f82ccb5f91f8a7069
SHA1

5bf00c67f45de592866b2fc91963dc83057390f4
SHA256

77184f1532fef0b593262fdd95ff1f2d2637fe08be003304d4e44f358c67b2d1
SHA512

bd446f119df944c9c7ea0603e3b05f893d030b337163cd527c00c0f601ea24ceabdc77f26103e9002daac0597d6e390b8ebf3296bc904f469d243f235c4cd35e

Score

10^/10

zloader nut 11/03 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

11/03

C2

https://benjaminecomstore.com/post.php

https://hactivehealth.com/post.php

https://kediae.com/post.php

https://lawrencesstore.com/post.php

https://mylbecommerce.com/post.php

https://modernessentails.com/post.php

https://loanjarube.com/post.php

https://mylolabrands.com/post.php

https://riamanlisibuslae.ga/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  ISLeRPs.dll
- Size
  
  744KB
- MD5
  
  34379df22c95ed0f82ccb5f91f8a7069
- SHA1
  
  5bf00c67f45de592866b2fc91963dc83057390f4
- SHA256
  
  77184f1532fef0b593262fdd95ff1f2d2637fe08be003304d4e44f358c67b2d1
- SHA512
  
  bd446f119df944c9c7ea0603e3b05f893d030b337163cd527c00c0f601ea24ceabdc77f26103e9002daac0597d6e390b8ebf3296bc904f469d243f235c4cd35e
Score

10^/10

zloader nut 11/03 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut11/03botnettrojan

behavioral2